Threat Advisory – Single Sign-On Phishing

Recently, Optiv’s Global Threat Intelligence Center (gTIC) identified an active phishing campaign against the education sector, in which attackers are stealing credentials and using them to redirect direct deposit paychecks to attacker-controlled accounts. Users are being tricked into entering their single sign-on (SSO) information into a portal that is made to look like the real one, but is controlled by the attacker.

Ransomware Part 2: Technical Analysis

The concept behind ransomware is simple: an attacker finds a way to run file encryption software on a machine, and then demands payment in return for a decryption key. Though the implementation of ransomware varies, it uses infection vectors similar to those of other types of malware. These include malicious email attachments, malicious links and web browser exploits. In this respect, implementation does not vary all that much from what we are used to seeing.

Tax Season Attacks – Part 4, Dumpster Diving

Dumpster diving is the practice of combing through commercial or residential waste to find items that have been discarded by their owners. During tax time, people throw away documents with sensitive and potentially lucrative information left over upon completion of tax filing. These papers can include extra copies of W-2s, drafts of IRS forms and worksheets, and copies of financial records from bank accounts and investments.

Tax Season Attacks – Part 3, Shoulder Surfing

Shoulder surfing certainly is not the most technical form of identity theft, but it has been an effective means to commit fraud. Shoulder surfing is the practice of looking over someone’s shoulder to get information. A casual glance from behind, or a quick look at paperwork on a desk, can be enough for an attacker to obtain passwords, credit card data, PINs, and other personal and financial data. It is low-tech, but it works.

Tax Season Attacks – Part 2, Phishing

Tax season is officially upon us, and with it comes a host of scams against taxpayers. In this blog series we explore three specific attacks: phishing, shoulder surfing and dumpster diving. Read part one for a high-level synopsis of each type of attack. In this post we examine phishing scams featuring attackers trying to impersonate the Internal Revenue Service (IRS).

Tax Season Attacks – Part 1

It’s the same routine every year during tax season: employers send out important tax information such as W-2s to their employees, television and radio stations constantly air tax preparation advertisements, and individuals rush to file their tax returns. This brings out a host of scams against taxpayers.